Perhaps they're implementing OAuth... I'm curious as to how DotABuff is still managing to keep up to date data even though the API isn't working.
Perhaps they're implementing OAuth... I'm curious as to how DotABuff is still managing to keep up to date data even though the API isn't working.
Same way stats.dota2.be existed before the api was announced, whatever that was.Originally Posted by Ruirize
They are pretending to be a client and spoofing the request packets. Whether or not this is circumventing the API is up for Valve to decide. I can't blame them for doing it though.
Okay so its completely fine to give users the key generation link, tell them to enter a bogus domain and enter the key in the tool settings? That's good news, then!There's nothing stopping you from doing that. I'm assuming by "non-web-based" you mean a desktop application and not something that runs in a browser. Any app that uses this api would obviously need to be connected to the internet, but nothing forces it to be running in a web browser. The domain name section you fill in when requesting a key isn't used to restrict that key's access to a particular domain. It's just for Valve's own purposes, presumably so they can have an idea of what/how many sites are using the service.
Edit: If you're worried about including your key in an application (certainly a valid concern!), then you could set up a server for your application and have your application access your server, which then accesses the webAPI using your key. That way you wouldn't have to worry about someone "stealing" your key from your application.
I don't have to supply any headers, then, just an InternetOpen/InternetOpenUrl will do?
Yep, that should work fine.
Making every user generate their own API key will remove Valve's ability to monitor the consumption of their API by your application, which is a major reason for an API key.
Any non-web application will have some sort of library or method to make an HTTP request, even if it is not a "web application". Use that and generate one API key for your application.
Yeah, that's great and all, but you're abusing the privilege. You can't expect Valve to continue to allow unlimited API requests if people are creating 'fake' domains to use your application.
Yea.. and if one user abuses it, no one can use it anymore because it gets blocked.. also users could exctract the API key and use it in anyway they want. Also Valve would see large amount of use of that one API key from different IP addresses and would probably block it also. Every user should get it's own API key. If they choose to use it in a certain application, its their responsibility.
maybe Zoid could comment on the issue.
Last edited by Arie; 09-14-2012 at 01:08 AM.
Nope, http://dev.dota2.com/showthread.php?...ain#post290935
What? I think you are confused on some basic concepts. The user would never see the API key, it would not be able to be abused or extracted. Every user should not get their own API key.
edit: I was incorrect here, the API key would be able to be extracted by someone with the desire and tools.
Last edited by walkingcarpet; 09-15-2012 at 11:22 AM.
Posting Permissions
Reply With Quote